forked from webmin/usermin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
CHANGELOG
64 lines (64 loc) · 4.69 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
---- Changes since 1.070 ----
Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password.
Fixed a bug that stopped user limiting from working when Usermin was run from inetd.
---- Changes since 1.080 ----
Fixed a security hole in the maketemp.pl script, used to create the /tmp/.usermin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Usermin writes to the link filename (CVE bug CAN-2004-0559).
When PAM is used for authentication, expired passwords are now detected and the user is prompted to select a new password (if this feature is enabled on the Usermin Configuration module).
---- Changes since 1.090 ----
Added support for Solaris 10.
Included several additional translations for various languages and modules.
Added support for config- files that allow a range of OS version numbers, and used this to reduce the number of standard config files.
---- Changes since 1.100 ----
When installing or upgrading Usermin, password timeouts are now enabled by default. This protects against brute-force password guessing attacks.
---- Changes since 1.110 ----
All subheadings have been reduced in size with using the default MSC theme.
---- Changes since 1.150 ----
Fixed a bug that could allow a remote attack if the option to use full PAM conversations is enabled.
---- Changes since 1.160 ----
Replaced all calls to the crypt() function with new code that will use the Crypt::UnixCrypt Perl modules on systems for with crypt() is broken.
---- Changes since 1.170 ----
Fixed a possible security hole caused by a bug in Perl.
---- Changes since 1.180 ----
Added support for DAV clients.
---- Changes since 1.190 ----
The From: address for feedback emails is now taken from the Read Mail module.
Proxy settings made in Webmin in the Usermin Configuration module are passed on to programs Usermin calls via the http_proxy and ftp_proxy environment variables.
---- Changes since 1.250 ----
When a large file is uploaded, it is no longer read into memory by miniserv.pl.
Changed the default theme for all installs to the new framed blue theme.
Updated all rows of links (like select all, invert selection, add something) above tables to use a separator between links.
---- Changes since 1.260 ----
Improved support for automatic domain name prepending at long time to check the first and second parts of the hostname in the URL.
Added support for Slam64 Linux.
Fixed XSS bugs in pam_login.cgi.
---- Changes since 1.280 ----
Added support for blocking users with too many failed logins, configurable in Webmin's Usermin Configuration module.
---- Changes since 1.310 ----
Added a search box to the left frame of the blue theme, for finding modules, config options, help pages and text.
All images, CSS and other static content served by Usermin has an HTTP Expires for 1 week in the future, to improve cachability.
Changed the error message that appears when Webmin detects a link from another web page.
---- Changes since 1.320 ----
Links from unknown referers are now blocked by default, to prevent XSS attacks. This may break browsers that don't supply a Referer: HTTP header.
---- Changes since 1.330 ----
Big Czech translation updates, thanks to Petr Vanek and the Czech translation team.
All popups in Usermin are now XSS-safe, and thus do not need protection from unknown referers which prevented them from working in some browsers.
All Usermin session IDs are now stored MD5 hashed, to prevent sessions from being captured if the sessiondb DBM is somehow read by an attacker.
---- Changes since 1.340 ----
Many Greek translation updates, thanks to Vagelis Koutsomitros.
---- Changes since 1.380 ----
Catalan translation updates by Jaume Badiella.
Converted all core modules to use the new WebminCore perl module instead of web-lib.pl. This significantly improves memory use and load time in code that uses functions from multiple modules, asssuming they have all been converted.
---- Changes since 1.400 ----
Dramatically improved Usermin's search function, to include links to pages that help or UI text comes from. Also changed the layout of results to a more Webmin-ish style.
---- Changes since 1.410 ----
Dutch translation updates, thanks to Gandyman.
---- Changes since 1.430 ----
Added a robots.txt file to block indexing of Usermin by search engines.
---- Changes since 1.440 ----
Catalan translation updates by Jaume Badiella.
---- Changes since 1.460 ----
Major dutch translation updates, thanks to Gandyman.
---- Changes since 1.500 ----
Added support for Ubuntu 12.04.
---- Changes since 1.510 ----
Added the new Gray Framed Theme, and made it the default for new installs.